Commit Graph

1228 Commits

Author SHA1 Message Date
Peter Steinberger
8bebdd0d03 test(matrix): delivery trace goldens for generation-scoped edit streaming (#104596) 2026-07-11 10:55:27 -07:00
Peter Steinberger
3902adf9f6 refactor(channels): adopt core retryAsync for hand-rolled retry loops (#104431) 2026-07-11 04:30:21 -07:00
Peter Steinberger
de282b4d0d refactor(matrix): adopt core claimable dedupe with doctor-owned state migration (#104391)
* refactor(matrix): adopt core claimable dedupe for inbound events

* fix(matrix): migrate legacy inbound dedupe markers via doctor

* fix(matrix): single-pool dedupe namespace and capacity-aware legacy import

* fix(matrix): keep unreadable legacy dedupe JSON in place during doctor import
2026-07-11 03:38:54 -07:00
Peter Steinberger
d8bf51b462 fix(discord): single-source thread-binding default placement and guard artifact parity (#104342)
* fix(discord): single-source thread-binding default placement and guard artifact parity

* fix(tests): load thread-binding parity artifacts via sanctioned contract test helpers
2026-07-11 02:50:53 -07:00
Peter Steinberger
7bf80dc2c6 chore(tooling): enforce formatting and refresh TypeScript checks (#104239)
* chore(tooling): enforce current formatter and refresh checks

* chore(tooling): keep release changelog formatter-owned

* chore(tooling): retain compatible Node type surface

* ci: enforce formatting for docs-only changes

* ci: isolate docs formatter check

* chore(tooling): apply updated lint and format rules

* chore(tooling): satisfy updated switch lint

* style(ui): apply Linux formatter layout

* test(doctor): match quiet local audio contribution

* test(doctor): assert quiet output only

* test(doctor): follow restored information contract
2026-07-11 01:09:51 -07:00
Josh Avant
fbd330b7aa fix(channels): honor configured read target policies (#99905)
* fix(channels): enforce configured read targets

* test(channels): align policy checks with boundaries

* fix: bind channel reads to trusted turn context

* test: satisfy gateway lint

* fix: narrow message action channel imports

* fix(feishu): authorize message reads before provider access

* fix(slack): await reaction clear authorization

* fix(channels): align provider action contracts

* fix(matrix): read direct-room account data before sync

* fix(channels): reject unsupported attachment actions early

* fix: restore trusted operator conversation reads

* fix(matrix): authorize pin actions before provider reads

* fix: preserve trusted channel read workflows

* fix(discord): resolve current channel ids consistently

* fix(agents): preserve message action turn capability

* fix(plugins): enforce host-owned read provenance

* fix(channels): harden Teams and Discord read policy

* fix(channels): preserve exact-current action compatibility

* fix(imessage): authorize trusted current chat aliases

* fix(channels): preserve normalized current aliases

* fix(channels): preserve external current target aliases

* fix: reconcile channel policy with current main

* fix(discord): isolate DM read policy

* fix(channels): enforce provider read gates

* fix(gateway): await serialized message action identity tokens

* fix(ci): refresh channel protocol contracts
2026-07-10 22:29:37 -05:00
Peter Steinberger
dba64d574f chore(release): set version to 2026.7.2 2026-07-11 04:00:49 +01:00
Peter Steinberger
add2c586c2 feat(slack): support native chart presentations (#102635) 2026-07-10 04:05:23 +01:00
Miorbnli
18e80760a7 fix(channels): keep inbound log previews UTF-16 safe (#102407)
* fix(matrix): truncate inbound preview on UTF-16 code-point boundary

The matrix inbound verbose preview used bodyText.slice(0, 200) before logging.
When a supplementary-plane character (emoji, extended CJK) straddles the 200th
code unit, the slice splits its surrogate pair and emits a lone surrogate into
the verbose log line. Lone surrogates corrupt JSON log serialization, break
terminal rendering, and crash UTF-8-validating log shippers.

Use the shared truncateUtf16Safe helper (already used by the mattermost sibling
monitor after #101630) to keep complete surrogate pairs intact. No behavior
change for ASCII input; the preview is still capped at 200 code units.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(matrix): fix inbound-preview test for lint and lib target

- Avoid String.prototype.isWellFormed (ES2024 lib): use the encodeURIComponent
  well-formedness probe instead, which works on the project's TS lib target.
- Replace literal string concatenation with template strings to satisfy the
  no-useless-concat lint rule. No behavior change in the assertions.

Co-Authored-By: Claude <noreply@anthropic.com>

* fix(channels): keep inbound log previews UTF-16 safe

* test(line): type verbose preview fixtures

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 07:32:55 +01:00
wangmiao0668000666
acac359de6 fix(matrix): keep HTTP error and tool-progress truncations UTF-16 safe (#102395)
* fix(matrix): keep HTTP error and tool-progress truncations UTF-16 safe

* test(matrix): prove UTF-16 truncation boundaries

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-09 06:15:46 +01:00
Alix-007
35d5ea069a fix(matrix): handle stdout/stderr stream errors in dependency commands (#101597)
* fix(matrix): handle stdout/stderr stream errors in dependency commands

* fix(matrix): type stream-error test process kill

* fix(matrix): harden dependency stream errors

* test(matrix): fix dependency stream test typings
2026-07-07 21:53:22 -07:00
Vincent Koc
4115e832d8 refactor(matrix): localize internal types (#101954) 2026-07-07 18:54:32 -07:00
Vincent Koc
b88f80940a refactor: localize internal implementation symbols (#101831) 2026-07-07 10:23:36 -07:00
Vincent Koc
3d206140f3 refactor: localize internal implementation constants (#101758) 2026-07-07 08:34:13 -07:00
Vincent Koc
fdc7892a6e refactor: localize internal implementation types (#101731) 2026-07-07 07:41:04 -07:00
Peter Steinberger
a2a68d154b fix(agent): preserve explicit recipient sessions (#101507)
* fix(agent): honor recipient session routing

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): preserve canonical recipient routes

* fix(agent): require exact recipient routes

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>

Co-authored-by: pingfanfan <pingfan.work@gmail.com>

* fix(agent): harden recipient route resolution

* fix(imessage): require canonical recipient handles

* fix(agent): refine provider recipient exactness

* fix(agent): bound direct alias session routing

* fix(signal): preserve direct alias route type

* fix(agent): honor binding-scoped recipient sessions

* fix(routing): honor configured main session aliases

* fix(clickclack): align account-owned session routes

* fix(twitch): preserve canonical recipient sessions

* fix(routing): isolate stable outbound identities

* chore: defer recipient session changelog

* fix(sms): use dedicated channel SDK facade

---------

Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: pingfanfan <pingfan.work@gmail.com>
2026-07-07 10:07:13 +01:00
Peter Steinberger
a04b6ced4f test: stabilize load-sensitive test families that break gates under parallel load (#100420)
* test: stabilize process-heavy fixtures under load

* test: stabilize channel mocks under load
2026-07-05 12:53:06 -07:00
Peter Steinberger
deac98eb72 fix: harden small runtime and installer edge cases (#100258)
* fix(media): preserve dollar sequences in transcript echoes

Co-authored-by: uditDewan <udit.dewan21@gmail.com>

* fix(mcp): catch rejected gateway event handlers

Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>

* fix(auto-reply): support punctuated silent token prefixes

Co-authored-by: simon-w <weng.qimeng@xydigit.com>

* fix(discord): keep voice log previews UTF-16 safe

Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>

* fix(clawrouter): bound usage response reads

Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>

* fix(browser): bound CDP JSON response reads

Co-authored-by: hailory <hailory@xydigit.com>

* fix(status): include current time in session status

Co-authored-by: connermo <conner.mo@gmail.com>

* fix(installer): require Arch detection before pacman

Co-authored-by: Iliya Abolghasemi <gfaerny@gmail.com>

* fix(apps): default TLS gateway deep links to port 443

Co-authored-by: ben.li <li.yang6@xydigit.com>

* fix(infra): keep Undici terminated exceptions nonfatal

Co-authored-by: harjoth <harjoth.khara@gmail.com>

* fix(auto-reply): avoid Unicode-unsafe token spread

---------

Co-authored-by: uditDewan <udit.dewan21@gmail.com>
Co-authored-by: 陈宪彪0668000387 <chen.xianbiao@xydigit.com>
Co-authored-by: simon-w <weng.qimeng@xydigit.com>
Co-authored-by: sunlit-deng <yang.jiajun1@xydigit.com>
Co-authored-by: 杨浩宇0668001029 <yang.haoyu@xydigit.com>
Co-authored-by: hailory <hailory@xydigit.com>
Co-authored-by: connermo <conner.mo@gmail.com>
Co-authored-by: Iliya Abolghasemi <gfaerny@gmail.com>
Co-authored-by: ben.li <li.yang6@xydigit.com>
Co-authored-by: harjoth <harjoth.khara@gmail.com>
2026-07-05 05:33:11 -07:00
Dallin Romney
c2fc7aa28a refactor: consolidate exact keyed async queues (#99691)
* refactor: consolidate keyed async queues

* chore: refresh merge-ref CI

* refactor: encapsulate keyed queue ownership
2026-07-04 16:45:07 -07:00
Dallin Romney
dc3b5df684 refactor(types): remove redundant local aliases (#100061)
* refactor(models): remove redundant generation model ref alias

* refactor(types): remove redundant local aliases

* refactor(types): preserve shipped model ref type
2026-07-04 16:34:47 -07:00
Peter Steinberger
614e87cce1 chore: update dependencies (#100027) 2026-07-04 14:56:50 -04:00
Vincent Koc
787f3a2ce5 test(channels): align outbound delivery assertions 2026-07-04 15:13:16 +02:00
Peter Steinberger
eafe2a8d0b refactor: consolidate duplicated plugin state and doctor migration plumbing onto SDK seams (#99850)
* refactor(plugin-sdk): add createPersistentDedupeCache and migrate channel presence caches

* refactor(matrix): adopt SDK approval reaction target store

* refactor(plugin-sdk): share doctor legacy-state migration fs helpers

* refactor(memory-core): dedupe qmd cache entry envelope validation

* chore(plugin-sdk): pin surface budgets for shared dedupe and doctor helpers

* test(matrix): use future approval expiry fixtures for reaction targets

* test(matrix): use future approval expiry fixtures for reaction targets
2026-07-04 01:51:03 -07:00
xingzhou
741d9524be fix: outbound recovery can replay already sent replies (#99600)
* fix(outbound): avoid replaying sent recovery deliveries

* fix(outbound): persist recovery send state before ack

Co-authored-by: zhang-guiping <zhang.guiping@xydigit.com>

* fix(outbound): preserve partial send evidence across adapters

* test(line): cover multi-send delivery progress

* fix(outbound): preserve repeated receipt result multiplicity

* test(heartbeat): expect delivery progress callback

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-07-04 01:09:12 -07:00
LZY3538
e272da5c55 fix: keep always-on group fallback messages in dispatch (#99506)
* fix(auto-reply): honor always-on plugin fallback groups

* fix(channels): preserve mention policy across bindings

* test(discord): type mention policy dispatch context

* test(discord): type mention policy dispatch context

* fix(whatsapp): preserve effective mention policy

* fix(whatsapp): preserve effective mention policy

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
Co-authored-by: Peter Steinberger <peter@steipete.me>
2026-07-03 07:26:45 -07:00
Dallin Romney
59b08b4693 refactor(shared): consolidate remaining channel lazy loaders (#99302) 2026-07-02 19:08:11 -07:00
Vincent Koc
75240f4385 fix(qa-matrix): read account state from sqlite 2026-07-01 22:56:12 -07:00
Alix-007
76038c3a62 fix(matrix): bound raw transport response reads
* fix(matrix): bound raw transport response reads to prevent OOM

* test(matrix): add real node:http server proof for bound transport

Two new integration-style tests drive performMatrixRequest against a real
node:http server (no stubRuntimeFetch mock) using real undici + SSRF
dispatcher and ssrfPolicy.allowPrivateNetwork:

- over-cap: server declares Content-Length > MATRIX_SDK_RESPONSE_MAX_BYTES
  with maxBytes omitted → rejects MatrixMediaSizeLimitError (68 ms wall)
- under-cap: server returns small payload with maxBytes omitted → Buffer
  returned correctly (12 ms wall)

Addresses ClawSweeper feedback: previous proof showed only Vitest mock
output; these tests exercise the real Matrix runtime fetch path end-to-end.

* test(matrix): satisfy lint for transport proof

* fix(matrix): preserve encrypted media download limits

* test(matrix): add streaming OOM guard proof via real node:http server without Content-Length

Drive readResponseWithLimit directly by omitting Content-Length so that
enforceDeclaredResponseSize is a no-op and the streaming byte cap is the
sole enforcement path. A 20 MiB chunked server response with a 16 MiB
cap confirms the stream is canceled before full buffering (chunksWritten
< TOTAL_CHUNKS). A second case verifies under-cap payloads pass through.

* test(matrix): fix lint errors in real HTTP server proof (curly)

* test(matrix): add under-cap proof to real HTTP server test
2026-07-01 04:02:13 -07:00
lsr911
853a274f14 fix(matrix): guard JSON.parse against malformed homeserver response bodies (#97973)
Wrap JSON.parse(text) in MatrixAuthedHttpClient.requestJson with try/catch to prevent a malformed Matrix homeserver response from throwing an unhandled SyntaxError.

On parse failure, throw an Error with statusCode attached (matching the buildHttpError convention) so callers can handle it like any other Matrix API error.

Signed-off-by: lsr911 <liao.shirong@xydigit.com>
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-30 18:15:14 -07:00
Vincent Koc
3e2646a786 fix(release): use workspace host deps in release lockfile
(cherry picked from commit d377c0f910)
2026-06-30 15:54:12 -07:00
Vincent Koc
66e676d29b chore(release): close out 2026.6.11 on main 2026-06-30 11:31:08 -07:00
Patrick Erichsen
85ee71223f fix(matrix): use fixed crypto bootstrap command (#97181)
* fix(matrix): use fixed crypto bootstrap command

* chore(matrix): drop release metadata bump
2026-06-29 21:02:00 -07:00
黄伟浩
f4201578e5 fix(matrix): warn on accumulated token storage roots (#97353) 2026-06-28 12:34:52 -07:00
Masato Hoshino
25490d4c42 fix(matrix): sanitize internal tool-trace lines from outbound text (#97372)
Wrap the matrix outbound sanitizeText hook with sanitizeAssistantVisibleText so assistant internal tool-trace scaffolding is stripped before delivery, matching the sibling channel fixes under #90684 (Telegram #95774, Google Chat #95084, IRC #97214).
2026-06-28 11:58:36 -07:00
ly-wang19
55d7b5b36c fix(matrix): truncate reply context on code-point boundaries (#97471)
truncateReplyBody used a raw value.slice(0, MAX_REPLY_BODY_LENGTH - 3)
to shorten long reply bodies. When the cut index fell between the two
UTF-16 code units of a surrogate pair (e.g. an emoji), the slice left a
lone high surrogate before the ellipsis, which renders as a broken glyph
in the reply context shown to the agent.

Replace the raw slice with sliceUtf16Safe from the plugin SDK so the
truncation never cuts inside a surrogate pair. A normal (non-astral)
body is unaffected.

Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 11:06:36 -07:00
Bartok
289865b392 fix(matrix): truncate thread starter body on code-point boundaries (#97121)
Matrix thread-starter previews truncated long bodies by raw UTF-16
slice, which could cut an astral character (e.g. emoji) and leave a lone
surrogate, rendering mojibake in the agent's thread context.

Reuse the existing sliceUtf16Safe helper so the cut backs up to a valid
surrogate boundary, preserving the 500-code-unit limit and '...' suffix.
Adds a regression test that fails against the raw-slice implementation.

Salvages the original fix from #96407 (auto-closed by the active-PR
queue cap). Preserves @ly-wang19's authorship; rebased clean onto main
by @Bartok9.

Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
2026-06-27 07:27:38 +08:00
Josh Lehman
7e2b2d2987 refactor: migrate bundled session metadata reads (#96527) 2026-06-24 12:19:53 -07:00
Vincent Koc
0671c08900 chore(release): close out 2026.6.10 on main (#96271)
* chore(release): close out 2026.6.10 on main

* chore(release): align native app metadata for 2026.6.10

* chore(release): sync Android 2026.6.10 notes

* docs(changelog): preserve 2026.6.9 history

* docs(changelog): preserve 2026.6.9 history
2026-06-24 11:51:14 +08:00
Peter Steinberger
21c8cf9889 fix(matrix): bound SDK response bodies 2026-06-23 13:30:55 -07:00
Alix-007
4e99ec6224 fix(matrix): use JSON-specific idle-timeout diagnostic on bounded JSON read
The non-raw JSON read in performMatrixRequest fell back to the bound
reader's default media idle-timeout message ('Matrix media download
stalled: ...'), which is misleading for a JSON control-plane read. Pass
a JSON-specific onIdleTimeout so a stalled JSON stream now rejects with
'Matrix JSON response stalled: no data received for {ms}ms', letting the
timeout diagnostic distinguish a stalled JSON read from a stalled
raw/media read. Update the regression assertion accordingly.
2026-06-23 13:30:55 -07:00
Alix-007
a36d29c347 fix(matrix): bound non-raw JSON response body in transport 2026-06-23 13:30:55 -07:00
Patrick Erichsen
0feffda3fc fix(plugins): remove simpleicons icon color paths (#95987) 2026-06-23 12:16:02 -07:00
Patrick Erichsen
0a97f73402 feat: add bundled plugin icon manifest URLs (#95845) 2026-06-22 22:14:18 -07:00
Dirk
96e49705a6 fix(matrix): prune finished fake-indexeddb transactions to prevent OOM (#94942)
fake-indexeddb@6.2.5 retains finished transactions in raw.transactions
array indefinitely. For Matrix E2EE crypto stores, this causes unbounded
heap growth and eventual OOM crashes.

Add a transaction pruner that patches IDBDatabase.prototype.transaction
to automatically remove finished transactions for Matrix crypto databases
(::matrix-sdk-crypto and ::matrix-sdk-crypto-meta suffixes).

Fixes #90455
2026-06-22 18:06:55 +00:00
Vincent Koc
5c5a8a49d7 fix(matrix): handle missing secret storage facade 2026-06-22 12:53:19 +02:00
Vincent Koc
03a71f3b46 fix(matrix): prevent double bootstrapCrossSigning reset in forced reset (#95720)
Merged via squash.

Prepared head SHA: afa7684e4b
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-06-22 02:45:56 -07:00
Vincent Koc
690efd2a16 chore(deadcode): inline constant helper stubs 2026-06-22 03:14:04 +08:00
Vincent Koc
b039e949b6 chore(release): close out 2026.6.9 2026-06-21 12:24:15 +08:00
Vincent Koc
5e329f4065 fix(channels): preserve command progress detail (#94868)
Merged via squash.

Prepared head SHA: 3217f45e61
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: vincentkoc <25068+vincentkoc@users.noreply.github.com>
Reviewed-by: @vincentkoc
2026-06-19 16:36:36 +08:00
Vincent Koc
74f90885f3 fix(release): unblock beta validation 2026-06-19 10:01:28 +08:00